DARKNAVY (@DarkNavyOrg) / X

DARKNAVY

105 posts

DARKNAVY

@DarkNavyOrg

Cybersecurity enthusiasts from DARKNAVY. Achieve, Analyze, Attack *Oops.

Joined November 2023

DARKNAVY
@DarkNavyOrg
Sep 28, 2025
We triggered WhatsApp 0-click on iOS/macOS/iPadOS. CVE-2025-55177 arises from missing validation that the [Redacted] message originates from a linked device, enabling specially crafted DNG parsing that triggers CVE-2025-43300. Analysis of Samsung CVE-2025-21043 is also ongoing.
00:00
279K
DARKNAVY
@DarkNavyOrg
Oct 19, 2025
We implemented an exploit for RediShell (CVE-2025-49844). While doing so, we discovered that the publicly available PoC incorrectly uses loadstring to trigger the Redis UAF. Kudos to @wiz_io for the interesting findings!
00:00
41K
DARKNAVY
@DarkNavyOrg
Aug 23, 2025
While reproducing the iOS ITW CVE-2025-43300 (support.apple.com/en-us/124925), we accidentally triggered another old DNG image parsing vulnerability. The analysis is still ongoing.
00:00
24K
DARKNAVY
@DarkNavyOrg
Jul 1, 2025
Leak hole PoC for Chrome in-the-wild vulnerability CVE-2025-6554 published yesterday: github.com/DarkNavySecuri…
33K
DARKNAVY
@DarkNavyOrg
Nov 3, 2023
Exploiting the libwebp Vulnerability in Chrome by DARKNAVY. blog.darknavy.com/blog/exploitin… blog.darknavy.com/blog/exploitin…
49K
DARKNAVY
@DarkNavyOrg
Aug 30, 2024
Since the issue of CVE-2024-5274 is public now, we can finally release our research from months ago. This is a rare vulnerability in the V8 Parser module, and we were surprised to find that our exploit method coincidentally aligns with the ITW exploit😅 blog.darknavy.com/blog/cve_2024_…
18K
DARKNAVY
@DarkNavyOrg
Nov 23, 2023
We've successfully exploited three RCE chains in Steam, one of which chains 4~6 pure logical bugs (features). Memory corruption vulnerabilities were also exploited. Stay tuned for the technical details on our blog after Valve fixes them.
00:00
26K
DARKNAVY
@DarkNavyOrg
Jun 24, 2025
Our Black Hat USA 2025 talk, "What's NEXT in Security: Adversarial Review of HarmonyOS NEXT", has been made public. blackhat.com/us-25/briefing… #BHUSA @BlackHatEvents
17K
DARKNAVY
@DarkNavyOrg
May 23, 2025
Meet our new buddy, Argusee — an AI-powered, automated vulnerability hunter that has already discovered 15+ vulnerabilities across projects, including a previously unknown Linux kernel flaw (CVE-2025-37891) enabling LPE. Demo and details: darknavy.org/blog/argusee_a…
00:00
13K
DARKNAVY
@DarkNavyOrg
Nov 9, 2023
Our exploit code is public now. github.com/DarkNavySecuri…
DARKNAVY
@DarkNavyOrg
Nov 3, 2023
Exploiting the libwebp Vulnerability in Chrome by DARKNAVY. blog.darknavy.com/blog/exploitin… blog.darknavy.com/blog/exploitin…
23K
DARKNAVY
@DarkNavyOrg
Jun 27, 2024
Our new blog post, "Exploiting Steam: Usual and Unusual Ways in the CEF Framework" Usual way: V8 + sandbox exploit for CEF Unusual way: Pure logical bug chain with 100% stability!
darknavy.org
Exploiting Steam: Usual and Unusual Ways in the CEF Framework
Introduction The Chromium Embedded Framework (CEF) is an open-source framework that allows developers to embed the Chromium engine in their applications. Although CEF is widely employed in a range of...
11K
DARKNAVY
@DarkNavyOrg
Oct 16, 2024
A textbook UAF vulnerability in... Chrome AI? We will share more details at Geekcon 1024 next week! [$36000][367755363] High CVE-2024-9954: Use after free in AI. Reported by DarkNavy on 2024-09-18
chromereleases.googleblog.com
Stable Channel Update for Desktop
The Stable channel has been updated to 130.0.6723.58/.59 for Windows, Mac and 130.0.6723 .58 for Linux which will roll out over the coming...
8.4K
DARKNAVY
@DarkNavyOrg
Jan 3, 2024
We are counting down the life of heap memory corruption. Enjoy our new blog post: Strengthening the Shield: MTE in Heap Allocators.
darknavy.org
Strengthening the Shield: MTE in Heap Allocators
Introduction In 2018, with the release of ARMv8.5-A, a brand new chip security feature MTE (Memory Tagging Extensions) emerged. Five years later, in 2023, the first smartphone to support this feature...
8.8K
DARKNAVY
@DarkNavyOrg
Aug 27, 2025
Replying to @DarkNavyOrg
After wrestling with a mess of decompiled pseudocode, we wrote a short analysis of CVE-2025-43300. In a twist of irony, we also show how we stumbled on another DNG parsing bug that was supposed to be fixed a few months ago. github.com/DarkNavySecuri…
11K